#!/bin/sh

#
# Test that applying firmware with the wrong public key fails
#

. "$(cd "$(dirname "$0")" && pwd)/common.sh"

cat >$CONFIG <<EOF
file-resource TEST {
	host-path = "${TESTFILE_1K}"
}

task complete {
	on-resource TEST { raw_write(0) }
}
EOF

# Create new keys
cd $WORK
$FWUP_CREATE -g
cd -

# Sign the firmware
$FWUP_CREATE -s $WORK/fwup-key.priv -c -f $CONFIG -o $FWFILE

# Create new keys and try to use them instead of the first ones
# It should be insanely unlikely that we'll generate the same keys twice
cd $WORK
mv fwup-key.pub fwup-key-orig.pub
mv fwup-key.priv fwup-key-orig.priv
$FWUP_CREATE -g
cd -

# Check that applying the firmware with checking signatures fails
echo Expecting a failure from apply...
if $FWUP_APPLY -q -p $WORK/fwup-key.pub -a -d $IMGFILE -i $FWFILE -t complete; then
    echo A bad signature should have been detected
    exit 1
fi
echo Expecting error from verify...
if $FWUP_VERIFY -V -p $WORK/fwup-key.pub -i $FWFILE; then
    echo A bad signature should have been detected
    exit 1
fi

echo Expecting error from list...
if $FWUP_APPLY -l -p $WORK/fwup-key.pub -i $FWFILE; then
    echo A bad signature should have been detected
    exit 1
fi

echo Expecting error from metadata...
if $FWUP_APPLY -m -p $WORK/fwup-key.pub -i $FWFILE; then
    echo A bad signature should have been detected
    exit 1
fi

